Quick Take
  • Instead of securing the crypto seizure in new government-controlled wallets, authorities displayed the original recovery codes to the public eye.
  • The Leak: The NTS published press photos featuring legible handwritten notes containing the 24-word recovery phrases for seized Ledger wallets.
  • The Loss: Thieves drained approximately 4 million PRTG tokens, valued at roughly $4.8 million (6.9 billion KRW), using the exposed codes.
  • The Failure: The incident exposes a critical gap in institutional custody protocols, as agents failed to transfer the assets to secure storage before publicizing the seizure.

What Happened

Police are now investigating, but the blockchain’s immutability makes retrieval difficult without the thief’s cooperation.

While the paper loss is nearly $5 million, liquidity for PRTG is thin. Dumping that volume on open markets would likely crash the price, meaning the realizable value for the hacker is significantly lower.

This was not a technical hack. It was a failure of procedure. Institutional custody requires more than just seizing a physical device; it mandates the immediate transfer of digital assets to a secure, government-controlled environment.

Market Context

The financial damage is substantial, though market realities may blunt the thief’s actual payday.

Why It Matters

The National Tax Service (NTS) of South Korea turned a routine enforcement victory into a historic operational failure this week, leaking private keys in a press release that resulted in the theft of $4.8 million in seized assets.

The agency published unredacted high-resolution photos of hardware wallets in which a seed phrase was visible, allowing opportunistic on-chain actors to drain 4 million PRTG tokens remotely.

Details

It was a preventable catastrophe. Instead of securing the crypto seizure in new government-controlled wallets, authorities displayed the original recovery codes to the public eye. The funds were gone within hours.


How The National Tax Service of South Korea Lost $5 Million in Crypto in Hours

On February 26, the National Tax Service issued a press release announcing the seizure of 8.1 billion KRW ($5.5 million today) from high-net-worth tax evaders.

To illustrate the action, the agency included photos of the physical assets, including a Ledger hardware wallet. Beside the device lay a handwritten note containing the complete mnemonic recovery phrase, the master key that grants full access to the funds regardless of who holds the physical device.

The image was high enough resolution that the words were legible. For anyone with a basic understanding of crypto self-custody, the photo was equivalent to posting a bank account number and PIN on a billboard.

According to Gizmodo and local reports, the theft occurred in two waves. A first actor drained the wallet but, perhaps fearing the consequences of stealing from the government, returned the funds shortly after.

A second thief was less scrupulous. Roughly 2.5 hours later, this second actor transferred the restored funds out permanently.

The Scale of the Loss

The wallet contained 4 million PRTG (Pre-Retogeum) tokens, with a nominal value of approximately $4.8 million or 6.9 billion KRW. On-chain data for 0xBD04ccc050058a6A422851fA6c0F92BB65EB06ca shows the attacker funded the wallet with a small amount of ETH to cover gas fees before executing three rapid outbound transactions.

However, for the NTS, the loss is absolute; credits that were intended to satisfy tax debts have been wiped from the treasury’s balance sheet.

Institutional Custody: What Went Wrong

Leaving funds in a suspect’s original wallet and then photographing the recovery phrase betrays a fundamental misunderstanding of how digital bearer assets work.

The error highlights a stark contrast in regional institutional competence. While the Bank of Japan is rigorously testing blockchain infrastructure for high-level reserve settlements, South Korean tax authorities failed the most basic test of digital asset security: keeping the password secret.

The NTS has since apologized and pledged to revise its manuals, but the damage to credibility is done. Recovering the funds now depends entirely on police tracking, a reactive measure for a problem that was proactively created.